author | netblue30 <netblue30@yahoo.com> | 2016-03-26 21:16:48 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-03-26 21:16:48 -0400 |
commit | 1c56e0bdfacdf0125d0f1f2619bd1727fe496e6b (patch) | |
tree | c6cedeb968f318fb2f7ad2a126581741f4c48a03 | |
parent | profile work (diff) | |
consolidating disable-mgmt and disable-sercret into disable-common
63 files changed, 44 insertions, 135 deletions
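--- a/etc/Mathematica.profile
+++ b/etc/Mathematica.profile
@@ -5,8 +5,6 @@ mkdir ~/.Wolfram Research
 whitelist ~/.Wolfram Research
 whitelist ~/Documents/Wolfram Mathematica
 include /etc/firejail/whitelist-common.inc
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc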
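--- a/etc/audacious.profile
+++ b/etc/audacious.profile
@@ -1,6 +1,4 @@
 # Audacious media player profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc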
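--- a/etc/bitlbee.profile
+++ b/etc/bitlbee.profile
@@ -1,7 +1,6 @@
 # BitlBee instant messaging profile
 noblacklist /sbin
 noblacklist /usr/sbin
-include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-terminals.inc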
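--- a/etc/cherrytree.profile
+++ b/etc/cherrytree.profile
@@ -1,6 +1,4 @@
 # cherrytree note taking application
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc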
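--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@@ -2,8 +2,6 @@
 noblacklist ~/.config/chromium
 noblacklist ~/.cache/chromium
 noblacklist ~/keepassx.kdbx
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-terminals.inc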
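--- a/etc/clementine.profile
+++ b/etc/clementine.profile
@@ -1,6 +1,4 @@
 # Clementine media player profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-terminals.inc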
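--- a/etc/conkeror.profile
+++ b/etc/conkeror.profile
@@ -1,7 +1,5 @@
 # Firejail profile for Conkeror web browser profile
 noblacklist ${HOME}/.conkeror.mozdev.org
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-terminals.inc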
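--- a/etc/deadbeef.profile
+++ b/etc/deadbeef.profile
@@ -1,6 +1,4 @@
 # DeaDBeeF media player profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc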
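--- a/etc/deluge.profile
+++ b/etc/deluge.profile
@@ -1,6 +1,4 @@
 # deluge bittorernt client profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc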
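--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -81,3 +81,44 @@ read-only ${HOME}/.xscreensaver
 # The user ~/bin directory can override commands such as ls
 read-only ${HOME}/bin
 
+# top secret
+blacklist ${HOME}/.ssh
+blacklist ${HOME}/.gnome2/keyrings
+blacklist ${HOME}/kde4/share/apps/kwallet
+blacklist ${HOME}/kde/share/apps/kwallet
+blacklist ${HOME}/.local/share/kwalletd
+blacklist ${HOME}/.netrc
+blacklist ${HOME}/.gnupg
+blacklist ${HOME}/*.kdbx
+blacklist ${HOME}/*.kdb
+blacklist ${HOME}/*.key
+blacklist /etc/shadow
+blacklist /etc/gshadow
+blacklist /etc/passwd-
+blacklist /etc/group-
+blacklist /etc/shadow-
+blacklist /etc/gshadow-
+blacklist /etc/passwd+
+blacklist /etc/group+
+blacklist /etc/shadow+
+blacklist /etc/gshadow+
+blacklist /etc/ssh
+blacklist /var/backup
+
+# system management
+blacklist ${PATH}/umount
+blacklist ${PATH}/mount
+blacklist ${PATH}/fusermount
+blacklist ${PATH}/su
+blacklist ${PATH}/sudo
+blacklist ${PATH}/xinput
+blacklist ${PATH}/evtest
+blacklist ${PATH}/xev
+blacklist ${PATH}/strace
+blacklist ${PATH}/nc
+blacklist ${PATH}/ncat
+
+# system directories
+blacklist /sbin
+blacklist /usr/sbin
+blacklist /usr/local/sbin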
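Review bot: The two KWallet entries in the added "top secret" block, `blacklist ${HOME}/kde4/share/apps/kwallet` and `blacklist ${HOME}/kde/share/apps/kwallet`, have no leading dot on the KDE directory, so they most likely match nothing and the wallet files under `~/.kde4` and `~/.kde` stay readable inside the sandbox; they should read `blacklist ${HOME}/.kde4/share/apps/kwallet` and `blacklist ${HOME}/.kde/share/apps/kwallet`. `blacklist /var/backup` looks like the same kind of slip if the intent is Debian's `/var/backups`, which holds copies of the passwd and shadow files; worth confirming against the target distributions. Because the su/sudo/mount/nc/strace entries now exist only in this file, any profile that dropped disable-mgmt.inc without including disable-common.inc loses them: the server.profile hunk shows no such include on its visible lines, and the same would apply to local profiles that still include the now-empty disable-mgmt.inc.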
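--- a/etc/disable-mgmt.inc
+++ b/etc/disable-mgmt.inc
@@ -1,17 +0,0 @@
-# system directories
-blacklist /sbin
-blacklist /usr/sbin
-blacklist /usr/local/sbin
-
-# system management
-blacklist ${PATH}/umount
-blacklist ${PATH}/mount
-blacklist ${PATH}/fusermount
-blacklist ${PATH}/su
-blacklist ${PATH}/sudo
-blacklist ${PATH}/xinput
-blacklist ${PATH}/evtest
-blacklist ${PATH}/xev
-blacklist ${PATH}/strace
-blacklist ${PATH}/nc
-blacklist ${PATH}/ncat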
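--- a/etc/dnscrypt-proxy.profile
+++ b/etc/dnscrypt-proxy.profile
@@ -1,11 +1,9 @@
 # security profile for dnscrypt-proxy
 noblacklist /sbin
 noblacklist /usr/sbin
-include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-terminals.inc
 private
 private-dev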
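--- a/etc/dropbox.profile
+++ b/etc/dropbox.profile
@@ -1,6 +1,4 @@
 # dropbox profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-terminals.inc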
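--- a/etc/empathy.profile
+++ b/etc/empathy.profile
@@ -1,6 +1,4 @@
 # Empathy instant messaging profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc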
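--- a/etc/epiphany.profile
+++ b/etc/epiphany.profile
@@ -1,6 +1,4 @@
 # Epiphany browser profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc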
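--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -1,6 +1,4 @@
 # evince pdf reader profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc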
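--- a/etc/fbreader.profile
+++ b/etc/fbreader.profile
@@ -1,7 +1,5 @@
 # fbreader ebook reader profile
 noblacklist ${HOME}/.FBReader
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc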
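--- a/etc/filezilla.profile
+++ b/etc/filezilla.profile
@@ -1,8 +1,6 @@
 # FileZilla ftp profile
 noblacklist ${HOME}/.filezilla
 noblacklist ${HOME}/.config/filezilla
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc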
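--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -3,8 +3,6 @@
 noblacklist ~/.mozilla
 noblacklist ~/.cache/mozilla
 noblacklist ~/keepassx.kdbx
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc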
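--- a/etc/flashpeak-slimjet.profile
+++ b/etc/flashpeak-slimjet.profile
@@ -8,8 +8,6 @@
 noblacklist ~/.config/slimjet
 noblacklist ~/.cache/slimjet
 noblacklist ~/keepassx.kdbx
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-terminals.inc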
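--- a/etc/generic.profile
+++ b/etc/generic.profile
@@ -1,8 +1,6 @@
 ################################
 # Generic GUI application profile
 ################################
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-terminals.inc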
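--- a/etc/gnome-mplayer.profile
+++ b/etc/gnome-mplayer.profile
@@ -1,6 +1,4 @@
 # GNOME MPlayer profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc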
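--- a/etc/google-chrome-beta.profile
+++ b/etc/google-chrome-beta.profile
@@ -2,8 +2,6 @@
 noblacklist ~/.config/google-chrome-beta
 noblacklist ~/.cache/google-chrome-beta
 noblacklist ~/keepassx.kdbx
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-terminals.inc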
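--- a/etc/google-chrome-unstable.profile
+++ b/etc/google-chrome-unstable.profile
@@ -2,8 +2,6 @@
 noblacklist ~/.config/google-chrome-unstable
 noblacklist ~/.cache/google-chrome-unstable
 noblacklist ~/keepassx.kdbx
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-terminals.inc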
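--- a/etc/google-chrome.profile
+++ b/etc/google-chrome.profile
@@ -2,8 +2,6 @@
 noblacklist ~/.config/google-chrome
 noblacklist ~/.cache/google-chrome
 noblacklist ~/keepassx.kdbx
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-terminals.inc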
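--- a/etc/hedgewars.profile
+++ b/etc/hedgewars.profile
@@ -3,8 +3,6 @@
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-terminals.inc
 
 caps.drop all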
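--- a/etc/hexchat.profile
+++ b/etc/hexchat.profile
@@ -1,7 +1,5 @@
 # HexChat instant messaging profile
 noblacklist ${HOME}/.config/hexchat
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc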
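--- a/etc/kmail.profile
+++ b/etc/kmail.profile
@@ -1,7 +1,5 @@
 # kmail profile
 noblacklist ${HOME}/.gnupg
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc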
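--- a/etc/lxterminal.profile
+++ b/etc/lxterminal.profile
@@ -1,7 +1,5 @@
 # lxterminal (LXDE) profile
 
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 blacklist ${HOME}/.pki/nssdb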
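--- a/etc/midori.profile
+++ b/etc/midori.profile
@@ -1,7 +1,5 @@
 # Midori browser profile
 noblacklist ${HOME}/.config/midori
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc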
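--- a/etc/mupen64plus.profile
+++ b/etc/mupen64plus.profile
@@ -1,7 +1,5 @@
 # mupen64plus profile
 # manually whitelist ROM files
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc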
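--- a/etc/openbox.profile
+++ b/etc/openbox.profile
@@ -1,8 +1,7 @@
 ################################
 # Generic GUI application profile
 ################################
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-terminals.inc
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass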
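--- a/etc/opera-beta.profile
+++ b/etc/opera-beta.profile
@@ -2,8 +2,6 @@
 noblacklist ~/.config/opera-beta
 noblacklist ~/.cache/opera-beta
 noblacklist ~/keepassx.kdbx
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc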
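--- a/etc/opera.profile
+++ b/etc/opera.profile
@@ -2,8 +2,6 @@
 noblacklist ~/.config/opera
 noblacklist ~/.cache/opera
 noblacklist ~/keepassx.kdbx
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc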
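--- a/etc/parole.profile
+++ b/etc/parole.profile
@@ -1,6 +1,4 @@
 # Profile for Parole, the default XFCE4 media player
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc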
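--- a/etc/pidgin.profile
+++ b/etc/pidgin.profile
@@ -1,7 +1,5 @@
 # Pidgin profile
 noblacklist ${HOME}/.purple
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc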
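--- a/etc/polari.profile
+++ b/etc/polari.profile
@@ -1,6 +1,4 @@
 # Polari IRC profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc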
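--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -1,6 +1,4 @@
 # qbittorrent bittorrent profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc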
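--- a/etc/qtox.profile
+++ b/etc/qtox.profile
@@ -1,7 +1,5 @@
 # qTox instant messaging profile
 noblacklist ${HOME}/.config/tox
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc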
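--- a/etc/quassel.profile
+++ b/etc/quassel.profile
@@ -1,6 +1,4 @@
 # Quassel IRC profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc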
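--- a/etc/qutebrowser.profile
+++ b/etc/qutebrowser.profile
@@ -2,8 +2,6 @@
 
 noblacklist ~/.config/qutebrowser
 noblacklist ~/.cache/qutebrowser
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc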
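--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -1,6 +1,4 @@
 # Rhythmbox media player profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc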
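--- a/etc/rtorrent.profile
+++ b/etc/rtorrent.profile
@@ -1,6 +1,4 @@
 # rtorrent bittorrent profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-terminals.inc
 include /etc/firejail/disable-devel.inc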
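--- a/etc/seamonkey.profile
+++ b/etc/seamonkey.profile
@@ -2,8 +2,6 @@
 noblacklist ~/.mozilla
 noblacklist ~/.cache/mozilla
 noblacklist ~/keepassx.kdbx
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc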
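--- a/etc/server.profile
+++ b/etc/server.profile
@@ -2,7 +2,6 @@
 # it allows /sbin and /usr/sbin directories - this is where servers are installed
 noblacklist /sbin
 noblacklist /usr/sbin
-include /etc/firejail/disable-mgmt.inc
 private
 private-dev
 private-tmp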
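Review bot: The removed `include /etc/firejail/disable-mgmt.inc` has no replacement in this hunk. The other profiles in this commit keep `include /etc/firejail/disable-common.inc`, but the visible lines of server.profile go from `noblacklist /usr/sbin` straight to `private`. The file continues outside the hunk, so it may be included further down; if it is not, the server profile now runs without the blacklist entries that were consolidated into disable-common.inc, and the two `noblacklist` lines exempt paths that nothing blacklists. Either add `include /etc/firejail/disable-common.inc` after `noblacklist /usr/sbin`, or add a comment stating which blacklists this profile intentionally omits.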
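--- a/etc/skype.profile
+++ b/etc/skype.profile
@@ -1,7 +1,5 @@
 # Skype profile
 noblacklist ${HOME}/.Skype
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc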
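--- a/etc/spotify.profile
+++ b/etc/spotify.profile
@@ -1,6 +1,4 @@
 # Spotify media player profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc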
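--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@@ -1,7 +1,5 @@
 # ssh client
 noblacklist ~/.ssh
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-terminals.inc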
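--- a/etc/steam.profile
+++ b/etc/steam.profile
@@ -1,8 +1,6 @@
 # Steam profile (applies to games/apps launched from Steam as well)
 noblacklist ${HOME}/.steam
 noblacklist ${HOME}/.local/share/steam
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc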
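--- a/etc/telegram.profile
+++ b/etc/telegram.profile
@@ -1,7 +1,5 @@
 # Telegram IRC profile
 noblacklist ${HOME}/.TelegramDesktop
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc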
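--- a/etc/thunderbird.profile
+++ b/etc/thunderbird.profile
@@ -1,7 +1,5 @@
 # Firejail profile for Mozilla Thunderbird (Icedove in Debian)
 noblacklist ${HOME}/.gnupg
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-terminals.inc
 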
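Review bot: After this change the visible part of thunderbird.profile includes only disable-devel.inc and disable-terminals.inc. Unlike the other profiles in this commit, it has no `include /etc/firejail/disable-common.inc` line to take over from the two removed includes. The hunk covers only the first lines of the file, so the include may exist further down. If it does not, the mail client loses the mgmt and secret blacklists entirely, and `noblacklist ${HOME}/.gnupg` exempts a path that nothing blacklists. I would add `include /etc/firejail/disable-common.inc` directly after the `noblacklist` line, or leave a comment explaining why this profile omits it.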
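--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -1,6 +1,4 @@
 # Totem media player profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc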
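--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -1,6 +1,4 @@
 # transmission-gtk profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc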
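--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -1,6 +1,4 @@
 # transmission-qt profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc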
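--- a/etc/uget-gtk.profile
+++ b/etc/uget-gtk.profile
@@ -1,6 +1,4 @@
 # uGet profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc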
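--- a/etc/unbound.profile
+++ b/etc/unbound.profile
@@ -1,11 +1,9 @@
 # security profile for unbound (https://unbound.net)
 noblacklist /sbin
 noblacklist /usr/sbin
-include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-terminals.inc
 private
 private-dev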
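--- a/etc/vivaldi.profile
+++ b/etc/vivaldi.profile
@@ -2,8 +2,6 @@
 noblacklist ~/.config/vivaldi
 noblacklist ~/.cache/vivaldi
 noblacklist ~/keepassx.kdbx
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc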
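--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -1,7 +1,5 @@
 # VLC media player profile
 noblacklist ${HOME}/.config/vlc
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc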
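--- a/etc/weechat.profile
+++ b/etc/weechat.profile
@@ -1,9 +1,7 @@
 # Weechat IRC profile
 noblacklist ${HOME}/.weechat
-include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-terminals.inc
 caps.drop all
 seccomp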
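--- a/etc/wesnoth.profile
+++ b/etc/wesnoth.profile
@@ -3,8 +3,6 @@
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-terminals.inc
 
 caps.drop all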
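--- a/etc/wine.profile
+++ b/etc/wine.profile
@@ -2,8 +2,6 @@
 noblacklist ${HOME}/.steam
 noblacklist ${HOME}/.local/share/steam
 noblacklist ${HOME}/.wine
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc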
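--- a/etc/xchat.profile
+++ b/etc/xchat.profile
@@ -1,7 +1,5 @@
 # XChat IRC profile
 noblacklist ${HOME}/.config/xchat
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc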
@@ -75,3 +75,5 @@ CapBnd: 0000003fffffffff | |||
75 | CapAmb: 0000000000000000 | 75 | CapAmb: 0000000000000000 |
76 | 76 | ||
77 | 11. cleanup thunderbird profile - disable-common was commented out | 77 | 11. cleanup thunderbird profile - disable-common was commented out |
78 | |||
79 | 12. removed disable_mgmgt.inc form server.profile, replace the information | ||